This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: Building consensus over DNSSEC enhancements to glibc.


On 11/17/2015 03:52 AM, Rich Felker wrote:

> I'm not saying that doing this contributes anything to security in the
> "hopelessly insecure configurations". I'm saying that there's nothing
> meaningful to report to the application in proper configurations, and
> that in the "hopelessly insecure configurations" reporting trust info
> that can't actually be trusted is irresponsible and harmful.

So I guess we are stuck with the "postfix method", meaning that every single application will have to check resolv.conf to see if it only contains 127.0.0.1,
do the query, recheck resolv.conf, pray there is no race condition, and trust the AD bit if the entry for both checks was only 127.0.0.1.

It also makes the res_* interface and getaddrinfo() obsolete in my opinion.

I guess it is a good thing that IANA today assigned an Early Code Point for draft-ietf-dnsop-edns-chain-query

http://www.iana.org/assignments/dns-parameters

I guess we should focus on developing a parameter compatible secure version of getaddrinfo() that tries to use edns-chain-query with a fallback to regular
queries so that applications that consume public keys from the DNS have a way of trusting the AD bit returned in the right circumstances. And doing so
with minimal changes to the application.

Paul
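
The per-application check described in the message above, as an added example that is not part of the original message and is not glibc or Postfix code. The helper names `only_loopback`, `ad_bit` and `trust_ad` are hypothetical, and the resolv.conf contents and DNS headers are constructed samples standing in for the file reads and the `res_query()` answer buffer.

```c
#include <stdio.h>
#include <string.h>

/* 1 only if there is at least one "nameserver" line and all are 127.0.0.1. */
static int only_loopback(const char *conf)
{
    int seen = 0;
    while (*conf) {
        char line[256], addr[64];
        size_t n = strcspn(conf, "\n");
        size_t c = n < sizeof line - 1 ? n : sizeof line - 1;
        memcpy(line, conf, c);
        line[c] = '\0';
        conf += n + (conf[n] == '\n');
        if (sscanf(line, " nameserver %63s", addr) != 1)
            continue;               /* comment, option or blank line */
        if (strcmp(addr, "127.0.0.1") != 0)
            return 0;               /* any other resolver: AD is unverifiable */
        seen = 1;
    }
    return seen;
}

/* AD is bit 0x20 of the fourth byte of the 12-byte DNS header. */
static int ad_bit(const unsigned char *msg, size_t len)
{
    return len >= 12 && (msg[3] & 0x20) != 0;
}

/* before/after: resolv.conf contents read on each side of the query. */
static int trust_ad(const char *before, const unsigned char *reply,
                    size_t len, const char *after)
{
    return only_loopback(before) && ad_bit(reply, len) && only_loopback(after);
}

/* Constructed sample inputs. */
static const char conf_local[] = "# local validator\nnameserver 127.0.0.1\noptions edns0\n";
static const char conf_mixed[] = "nameserver 127.0.0.1\nnameserver 192.0.2.53\n";
static const unsigned char reply_ad[12]    = {0x12, 0x34, 0x81, 0xA0, 0, 1, 0, 1};
static const unsigned char reply_no_ad[12] = {0x12, 0x34, 0x81, 0x80, 0, 1, 0, 1};

int main(void)
{
    printf("local, AD set:        %d\n", trust_ad(conf_local, reply_ad, 12, conf_local));
    printf("changed during query: %d\n", trust_ad(conf_local, reply_ad, 12, conf_mixed));
    printf("local, AD clear:      %d\n", trust_ad(conf_local, reply_no_ad, 12, conf_local));
    return 0;
}
```

The file can still change and change back between the two reads, so the second check narrows the race window without closing it.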

